Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: DOing a script from

From: SunandaDH::aol::com at: 31-Oct-2006 6:57

> Hm, I never knew I would create so much problems
Not your problems! They're problems mainly to do with embedding scripts in HTML pages in a way that is both: a) safe (ie we escape characters that could be used to execute XSS and other types of attack); and b) executable by REBOL It's tricky to get it all right.
> So I'm now uploading new version that does not check for its header.
There is no in-principle reason why scripts in the Library should not assume they have been installed. Many do. But if it can be avoided, that makes things more flexible. Thanks for the revised version. Gabriele:
> Maybe you can use a CDATA section?
Maybe. But then we'd have to escape the ]]> string that closes a CDATA (to stop someone uploading a script that contains a close CDATA sctring followed by malicious HTML. There's no ideal solution -- not that I know of, anyway. Sunanda.